ORGANIZATION-BASED POLICIES

US 20150199535A1
Filed: 01/12/2015
Published: 07/16/2015
Est. Priority Date: 01/13/2014
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method comprising:

detecting, by a computer system, a first event relative to a first user;

determining, by the computer system, that the first user belongs to a first organization that is represented by a first leaf node in a hierarchical tree of nodes, based at least in part on the first event;

determining, by the computer system, that a first policy is associated with a parent node of the first leaf node;

determining, by the computer system, that a second policy is associated with the first leaf node;

in response to determining that the second policy is associated with the first leaf node, selecting, by the computer system, the second policy instead of the first policy for application to the first user; and

applying, by the computer system, the selected policy to the first user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for representating, managing and storing data related to an organization are provided. An identity management system is disclosed that is configured to manage, represent and store data related to an organization. The identity management system reads data pertaining to an organization from a directory and generates a data model of the organization. The identity management system performs operations to manage the data related to an organization using the data model. The operations include adding logical organizations to the data model and defining user-membership policies associated with entities and logical organizations in the data model. The operations may further include identifying policies to be applied to the users of the organization. In some embodiments, the operations include re-assigning a logical organization and its associated user membership policies to different entities within in the data model while maintaining user-membership policies associated with the logical organization.

13 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- detecting, by a computer system, a first event relative to a first user;
  
  determining, by the computer system, that the first user belongs to a first organization that is represented by a first leaf node in a hierarchical tree of nodes, based at least in part on the first event;
  
  determining, by the computer system, that a first policy is associated with a parent node of the first leaf node;
  
  determining, by the computer system, that a second policy is associated with the first leaf node;
  
  in response to determining that the second policy is associated with the first leaf node, selecting, by the computer system, the second policy instead of the first policy for application to the first user; and
  
  applying, by the computer system, the selected policy to the first user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1 further comprising:
    - detecting, by the computer system, a second event relative to a second user;
      
      determining, by the computer system, that the second user belongs to a second organization that is represented by a second leaf node in the hierarchical tree of nodes, based at least in part on the second event;
      
      determining, by the computer system, that a third policy identified by the second event is associated with a parent node of the second leaf node;
      
      in response to determining that the third policy is associated with the parent node, selecting, by the computer system, the third policy of the parent node for application to the second user; and
      
      applying, by the computer system, the selected third policy to the second user.
  - 3. The computer-implemented method of claim 1, wherein selecting the second policy associated with the first leaf node is based at least in part on determining that the first leaf node is farthest in a path from a root organization represented by a root node in the hierarchical tree of nodes.
  - 4. The computer-implemented method of claim 1, further comprising determining that the second policy is identical to the first policy.
  - 5. The computer-implemented method of claim 2, further comprising selecting the third policy of the parent node based at least in part on determining that the third policy identified by the second event is not associated with the second leaf node in the hierarchical tree of nodes.
  - 6. The computer-implemented method of claim 1, wherein the hierarchical tree of nodes represents a data model of an organization comprising at least a first organization and a second organization.
  - 7. The computer-implemented method of claim 1, wherein at least one of the first organization or the second organization represents a logical organization of the organization, wherein the logical organization represents a sub-organization of the organization not represented in a directory of the organization.

8. An identity management system, comprising:
- a data reader configured to read data from a directory of an organization;
  
  a data modeler configured to generate a data model of the organization based at least in part on the data, the data model comprising a hierarchical tree of nodes representing one or more entities of the organization; and
  
  a policy identifier configured to identify a policy to be applied to a first user of the organization, the policy identifier further configured to;
  
  detect a first event relative to the first user;
  
  based at least in part on the first event, determine that the first user belongs to a first entity of the one or more entities of the organization, the first entity represented by a first leaf node in the hierarchical tree of nodes;
  
  determine that a first policy is associated with a parent node of the first leaf node;
  
  determine that the second policy is associated with the first leaf node;
  
  in response to determining that the second policy is associated with the first leaf node, identifying the second policy instead of the first policy for application to the first user; and
  
  applying, by the computer system, the second policy to the first user.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The identity management system of claim 8, wherein the data modeler is further configured to:
    - identify the one or more entities of the organization;
      
      identify relationships between the one or more entities; and
      
      generate the data model based at least in part on the identified entities and the identified relationships.
  - 10. The identity management system of claim 9, wherein at least one of the one or more entities represents a logical organization of the organization, wherein the logical organization represents a sub-organization of the organization not represented in a directory of the organization.
  - 11. The identity management system of claim 8, wherein the policy identifier is further configured to identify the second policy associated with the first leaf node based at least in part on determining that the first leaf node is farthest in a path from a root organization represented by a root node in the hierarchical tree of nodes.
  - 12. The identity management system of claim 8, wherein the policy identifier is further configured to:
    - detect second event relative to a second user;
      
      determine that the second user belongs to a second entity of the one or more entities represented by a second leaf node in the hierarchical tree of nodes, based at least in part on the second event;
      
      determine that a third policy identified by the second event is associated with a parent node of the second leaf node;
      
      in response to determining that the third policy is associated with the parent node, select the third policy of the parent node for application to the second user; and
      
      apply the selected third policy to the second user.
  - 13. The identity management system of claim 8, wherein the policy identifier is further configured to select the third policy of the parent node based at least in part on determining that the third policy identified by the second event is not associated with the second leaf node in the hierarchical tree of nodes.
  - 14. The identity management system of claim 8, wherein at least one of the first policy and the second policy identify one or more organization-specific policies to be applied to the first user of the organization, based at least in part on the generated data model.

15. One or more non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
- instructions that cause the one or more processors to detect a first event relative to a first user;
  
  instructions that cause the one or more processors to determine that the first user belongs to a first organization that is represented by a first leaf node in a hierarchical tree of nodes, based at least in part on the first event;
  
  instructions that cause the one or more processors to determine that a first policy is associated with a parent node of the first leaf node;
  
  instructions that cause the one or more processors to determine that a second policy is associated with the first leaf node;
  
  in response to determining that the second policy is associated with the first leaf node, instructions that cause the one or more processors to select the second policy instead of the first policy for application to the first user; and
  
  instructions that cause the one or more processors to apply the selected policy to the first user.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable media of claim 15, the instructions further comprising instructions that cause the one or more processors to select the second policy associated with the first leaf node based at least in part on instructions to determine that the first leaf node is farthest in a path from a root organization represented by a root node in the hierarchical tree of nodes.
  - 17. The computer-readable media of claim 15, the instructions further comprising instructions that cause the one or more processors to:
    - detect a second event relative to a second user;
      
      determine that the second user belongs to a second organization that is represented by a second leaf node in the hierarchical tree of nodes, based at least in part on the second event;
      
      determine that a third policy identified by the second event is associated with a parent node of the second leaf node;
      
      in response to determining that the third policy is associated with the parent node, select the third policy of the parent node for application to the second user; and
      
      apply the selected policy to the second user.
  - 18. The computer-readable media of claim 15, the instructions further comprising instructions that cause the one or more processors to select the third policy of the parent node based at least in part on instructions to determine that the third policy identified by the second event is not associated with the second leaf node in the hierarchical tree of nodes.
  - 19. The computer-readable media of claim 15, wherein the hierarchical tree of nodes represents a data model of an organization comprising at least a first organization and a second organization.
  - 20. The computer-readable media of claim 15, wherein at least one of the first organization or the second organization represents a logical organization of the organization, wherein the logical organization represents a sub-organization of the organization not represented in a directory of the organization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Wilson, Gregory Alan, Jagtap, Achyut Ramchandra, Arora, Jyoti

Application Number

US14/594,866
Publication Number

US 20150199535A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/282   Hierarchical databases, e.g...

G06F 21/6218   to a system of files or obj...

H04L 63/20   for managing network securi...

ORGANIZATION-BASED POLICIES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ORGANIZATION-BASED POLICIES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links